<?php
/**
* Author: Porlock
* Link: www.porlockz.com
* Date: 2018-04-22 22:35:18
* Last Modified time: 2018-04-22 22:35:22
*/
require_once ('../init.php');
if(@$_GET['action'] == 'register'){
    session_start();
    require_once ('includes/lib/func_register.php');
    $homePage = "/afctf/admin/index.php";
    $login_url = "/afctf/admin/login.php?action=login";
    // 权限控制
    if(!isset($_SESSION['aid'])){
        msg_display('请先登录','error',$login_url);
    }
    // 权限控制
    if($_SESSION['level'] != 0){
        msg_display('抱歉你的权限不足','error',$homePage);
    }
    require_once ('includes/views/root_header.php');
    echo <<<EOT
<!--注册-->
    <link href="/afctf/css/login.css" rel="stylesheet" type="text/css" media="all"/>
    <div class="register-form">
        <div class="first-login">
            <div class="title">
                <h2>管理员注册</h2>
            </div>
            <div class="content-body">
                <form action="/afctf/admin/register.php?action=deal" method="post">

                    <div class="input-wrapper">
                        <input type="text" name="adre_nickname1" required="required" placeholder="请输入你的昵称" maxlength="14">
                    </div>
                    <div class="input-wrapper">
                        <input type="text" name="adre_nickname2" required="required" placeholder="请再次输入你的昵称" maxlength="14">
                    </div>
                    <div class="checkcode-wrapper input-wrapper">
                        <input type="text" id="checkcode-input" name="adre_verify" required="required" placeholder="请输入验证码" maxlength="5">
                        <img id="checkcode-img" src="/afctf/includes/lib/checkcode.php" onclick="this.src='/afctf/includes/lib/checkcode.php?action=refresh'"/>
                    </div>
                    <div>
                        <input class="submit" type="submit"  value="注册">
                    </div>
                </form>
            </div>
        </div>
    </div>

EOT;
require_once ('includes/views/footer.php');
}
/*
 *  1.接收数据
 *  2.检查昵称是否一致
 *  3.随机生成密码
 *  4.返回管理界面首页
 */
elseif (@$_GET['action'] == 'deal'){
    session_start();
    require_once ('includes/views/root_header.php');
    require_once ('includes/lib/func_register.php');
    $homePage = "/afctf/admin/index.php";
    $login_url = "/afctf/admin/login.php?action=login";
    // 权限控制
    if(!isset($_SESSION['aid'])){
        msg_display('请先登录','error',$login_url);
    }
    // 权限控制
    if($_SESSION['level'] != 0){
        msg_display('抱歉你的权限不足','error',$homePage);
    }
    $verify = $_POST['adre_verify'];
    $code = $_SESSION['code'];
    // 使用完验证码之后清除
    unset($_SESSION['code']);
    $register_url = '/afctf/admin/register.php?action=register';
    $login_url = "/afctf/admin/login.php?action=login";
    $nickname1 = $_POST['adre_nickname1'];
    $nickname2 = $_POST['adre_nickname2'];
    $level     = 1;
    // 判断是否填写了验证码
    if(!isset($verify)){
        msg_display('请填写验证码','error',$register_url);
    }
    //  检查验证码是否正确
    if(strnatcasecmp($verify,$code)){
        msg_display('验证码错误','error',$register_url);
    }
    //  检查是否有空数据
    if (!filled_out($_POST)){
        msg_display('表单有空数据','error',$register_url);
    }
    //  检查昵称是否一致
    if ($nickname1 != $nickname2){
        msg_display('两次填写的昵称不一致','error',$register_url);
    }
    // 检查昵称字符
    if (!check_nickname($nickname1)){
        msg_display('昵称只能由汉字、英文、数字和 !@#￥%^&*()._ 组成','error',$register_url);
    }
    // 检查昵称长度
    if (!check_strlength($nickname1,14)){
        msg_display('昵称长度最多为14位','error',$register_url);
    }
    //  随机生成盐值并加密密码获得hash值
    $salt = getrandstr(32);
    $password = getrandstr(8);
    $hashpassword = hash('sha256',$password.$salt);
    //  注册
    $register_insert = "INSERT INTO `admin` (`operator_name`,`salt`,`passwd_hash`,`level`) VALUES (:operator_name,:salt,:passwd_hash,:level)";
    $sth_register = $dbh->prepare($register_insert);
    $sth_register -> bindParam(":operator_name",$nickname1);
    $sth_register -> bindParam(":salt",$salt);
    $sth_register -> bindParam(":passwd_hash",$hashpassword);
    $sth_register -> bindParam(":level",$level);
    $sth_register -> execute();
    // 跳转至登录界面
    msg_alert('新管理员的用户名为：'.$nickname1.'</br>新管理员的随机密码为: '.$password,'success',$login_url);
}
?>